Short-Term Consultant - Technical Cyber Risk and Security at Pezesha

• We are seeking a highly skilled, technical and experienced Short-Term Consultant specializing in Information Technology Cyber Risk and Security. As a consultant in this role, you will play a critical part in safeguarding our digital assets, ensuring compliance with relevant regulations, and enhancing the overall security of our organization. This is a short-term position with a specific focus on addressing immediate cybersecurity needs and providing recommendations for long-term security strategies.

Responsibilities

• Conduct a comprehensive assessment of our current cyber risk mitigation framework, including identifying potential risks, vulnerabilities and threats specific to our operations, data, architecture design, APIs and systems.
• Perform penetration tests
• Collaborate with internal stakeholders to develop and implement effective cybersecurity policies, procedures, and protocols - ensuring it matches our business requirements and regulatory environment.
• Perform audit and vulnerability assessments of our IT infrastructure, data warehouse, systems, and applications to proactively identify and mitigate security risks.
• Provide expert guidance and recommendations on the selection, deployment, and configuration of cybersecurity technologies, such as firewalls, intrusion detection systems, and endpoint protection solutions.
• Deliver training and awareness programs to educate our employees on cybersecurity best practices and promote a culture of security consciousness throughout the organization.
• Advise senior management on cybersecurity-related matters, offering strategic insights and actionable recommendations to enhance our overall cyber resilience.
• Develop documentation of cybersecurity policies, procedures, incident response plans, and other relevant documentation, ensuring compliance with applicable regulatory requirements.
• Come up with a monitoring and evaluation matrix and process we will use for internal security audit as an ongoing concern
• Security Monitoring and threat intelligence - implement security monitoring tools and processes to detect and respond to suspicious activities and threats in real-time.
• Develop and implement data access controls and encryption mechanisms to safeguard sensitive information stored in databases and data warehouses.
• Monitor data usage and access patterns to detect and respond to unauthorized or suspicious activities that may indicate data breaches or security incidents.
• Provide expert guidance and recommendations on data protection technologies and solutions, such as data loss prevention (DLP), encryption, and tokenization.
• Develop and maintain documentation of data governance policies, procedures, and data flow diagrams, ensuring alignment with regulatory requirements and industry best practices.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field; advanced certifications (e.g., CISSP, CISM, CEH) preferred.
• Experience with Google Cloud Platform (or similar), database management and database security frameworks.
• Hands-on experience with data protection technologies and solutions, such as data encryption, DLP, and data masking.
• Proven track record of at least 5 years in a cybersecurity role, with specific experience in the fintech industry and familiarity with the regulatory environment in East Africa.
• In-depth knowledge of cybersecurity principles, frameworks, and best practices, including ISO 27001, NIST Cybersecurity Framework, and GDPR.
• Hands-on experience with cybersecurity tools and technologies, such as SIEM, DLP, IDS/IPS, and vulnerability management systems.
• Strong analytical skills and the ability to assess complex technical issues, identify root causes, and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to effectively engage with diverse stakeholders at all levels of the organization.
• Proactive mindset with a commitment to continuous learning and professional development in the field of cybersecurity.